Security Researcher Intern

About Semgrep

Our mission is to make world-class software security available to everyone. This means building program analysis tools that are open source, easy to use, powerful, and fast. It also means building a team with security expertise and a passion for great developer experiences. Most of all, it means working with honesty and respect in a diverse community of dreamers and builders. We’ve redefined static analysis tooling by committing to all of these, and turned our project, Semgrep, into an essential safeguard for code at Snowflake, Dropbox, and more.

About the role

As a Security Researcher at Semgrep, you will be a part of a team that is incredibly curious, motivated, and collaborative. You will get broad exposure to our security research and security efforts. And you will work on projects that span multiple security and engineering disciplines. This may include vulnerability research, writing Semgrep rules, engineering improvements to our production environment, or making changes to our rule templates.

During your internship, you will work closely with a dedicated group of Security researchers, program analysis experts, and product engineers. You will learn from senior security folks who bring experience and wisdom from decades of working in-house to secure organizations like Google, Facebook, and successful startups. You’ll be part of a larger intern cohort that is spread out across various teams in engineering. You’ll attend lunch and learn sessions across the company - learning about everything from the relative strengths and weaknesses of different development languages to the best ways to secure modern cloud infrastructure. You’ll get to use Semgrep and work to improve the product experience for our customers. 

To learn more about our internship program and what it is like to be a Security Researcher or on the Security team at Semgrep, check out our blog posts: 

• A Day in the Life of a Security Researcher
• Charissa Kim Internship Review

You will

• Participate in our Security Research operations program
• Triage new vulnerabilities and probe deeply into the source code to write Semgrep rules
• Conduct research and generate patterns to identify specific CVEs in our customers code
• Engineer improvements to our rule production pipeline, infrastructure, and rule writing tools
• Develop impactful ways to improve rule writing efficiency, such as through automations, integrations with AI, or templates
• Collaborate with other Security Researchers at Semgrep complete projects and tasks
• Present your team to the Semgrep team at the end of your internship

You are ideal for this role if you are

• Interested in building a career in Security or Security Research
• Curious to learn about vulnerabilities
• Eager to get experience with a broader range of languages
• Experienced with scripting in one or more well used languages: Python, Go, etc.
• Are able to work in our San Francisco office
• Can start your internship on May 27th, 2025 or June 23rd, 2025

A day in the life of a Security Research intern might consist of

• Conducting research for vulnerabilities in multiple languages 
• Working with the Security Research team to design and implement an improvement to our tooling
• Helping to debug and fix errors in our infrastructure
• Reviewing and writing code to add a feature in our rule writing pipeline 

What we offer

• $2,400 per week for our 10-week full-time internship
• Close 1:1 mentorship from full-time engineers on the team
• Regular feedback from your team’s manager
• The opportunity to work in-person in our San Francisco office
• An intern cohort of peers

What we offer

Our goal is to competitively and fairly compensate every Semgrep employee with a system that equally rewards those who are vocal and those who are less comfortable making demands during the final steps of the hiring process. To that end, we generate internal compensation bands that are used when discussing and negotiating salaries. We update these based on market data to make sure they’re above the average for comparable roles.

We also invest in our employees’ well-being and long term success with comprehensive health plans, generous vacation time, 401k, learning stipends, and more. Our benefits are for everyone, so that you’re taken care of, and we work with individuals to make sure they have what they need, whether that’s quiet work space, adjusted hours, or something else.

Who we are

We have people from France and the Philippines, physics and philosophy, formal methods research and full fledged corporations. We’re new parents and new grads, aspiring authors and aspiring Americans, dog lovers and dogfooders. We get together often to bike, bake, and meet up in parks. In our interactions, we believe respect and honesty go hand in hand, and prioritize both.

Semgrep is an equal-opportunity employer seeking a diverse range of backgrounds. We value who you are — including your cultural heritage, your socioeconomic status, your age, your race, your gender, your sexual orientation, your disabilities. We value what’s vitally important to you — your family, your religion, your politics. We value what you love in this world — your music, your weekend pursuits. We believe in welcoming varied professional backgrounds, educations, and interests. If you’re exceptional in your role, believe in Semgrep’s mission, and treat Semgrep’s values as your own, you belong here.